📦

js-bson

Vendor: mongodb

Actively Exploited 0 CISA KEV List

PoC / Exploits 1 Code Available

Total RCEs 1 Remote Access

Total CVEs 3 Total Indexed

Avg. EPSS 0.38% Exploit Prob.

Latest CVE CVE-2019-2391 Mar 31

Security Vulnerability Index

Page 1 / 1

4.2 CVSS

CVE-2019-2391

RCE

Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON. This may cause unexpected application behaviour including data disclosure. This issue affects: MongoDB Inc. js-bson library version 1.1.3 and prior to.

EPSS: 0.38%

Severity: MEDIUM

Mar 31, 2020

7.5 CVSS

CVE-2018-13863

Exploit Found

The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is triggered when the Decimal128.fromString() function is called to parse a long untrusted string.

EPSS: 0.39%

Severity: HIGH

Jul 10, 2018

Displaying 2 of 3 Total Entries

Total 1 Sections